Petya is wreaking havoc in the world

World is reeling under a new breed of virus PETYA, an encryption malware. Petya is a name of encryption tool or virus which encrypts your computer and demands for a ransom. It has attacked thousands of computers and servers across the world till date. It takes advantage of loopholes in windows system and spreads rapidly. Literately, Petya is wreaking havoc in the world.

Petya is wreaking havoc in the world

Petya attack is second biggest attack in last 4 months. It reportedly started from Ukraine (unconfirmed report) and then spread across Russia, Europe and America. It targeted big firms like Danish shipping giant A.P. Moller-Maersk, one of the biggest media company UK’s WPP, Pharma company Merck & Co, food giant Mondelez, DLA Piper, Ukrainian banks and their international airport. The list goes on. Not to mention the small and medium firms. The assessment of actual damage is not possible, however it must in billions of dollars.

What is Petya exactly?

Petya is a name of new malware which encrypts the files on your computer and you are no longer able to open them without using the decryption key. You have obtain the key from Petya owners. They ask for ransom in return of the key to decrypt your files. Hence the name Ransomware. Once your system is infected you have no choice, but to format the drive and install everything from scratch. You can’t get the decryption key because the mail id from which the Petya owners were sending the key are now blocked by the service providers.

It was the worst nightmare for the companies who don’t have a proper backup solution in place. They lost all their valuable data within a few minutes.

How it spread?

It reportedly started from Ukraine. Ukraine govt. was using an accounting software which was targeted by the hackers to inject and infect the systems. As that software was widely used by government companies, Petya quickly spread to those establishments. Ukraine has accused Russia, obviously, for trying to sabotage the country. Petya takes advantage of a vulnerability in the windows system known as EternalBlue. Microsoft has already patched the bug however, there are large number of systems which are unpatched.

How does Petya work?

We encrypt our files to keep it from unauthorized users. Encryption software also provides us a unique key to decrypt the files later on.

As I described earlier, Petya is nothing but a malicious encryption software. Petya, as a ransomware, uses this tool to blackmail computer users. Once it infects your computer, it will encrypt all your files on the disk. Once your files are encrypted and you don’t know the key, you can’t open any of the files. Petya shows you a message to pay some amount of money in Bitcoin to get the files decrypted. Now, the irony is that the email id which is provided by Petya developers has been shut down long back. That means, there is no way you can get back your key and open the files.

There is more to it- Once infected, the ransomware overwrites the MBR of the system with own custom boot loader. The new boot loader contains some code which starts encrypting the files.

The remedy

Although most of the big antivirus companies claim to have patched the vulnerability and updated their virus signature, the malicious virus is still affecting systems. In order to protect your system from such ransomware, first you should have an antivirus in place and it should be updated. Most important thing- latest windows patch specifically, MS17-010 should be updated. On top of this, you should have a firewall enabled on your system.

Future of Petya

Although the risk of the ransomware has reduced after initial attack, it is always recommended to remain vigilant. Petya may attack again, no one knows. Go through the latest happenings in the computer world and be aware. Once again, keep your antivirus, anti-malware and windows updated.